Articles about Malware

Blacklists miss 90% of malware blogged IP love

Threat intelligence firm RecordedFuture says popular web blacklists are missing thousands of IP addresses linked to malware data theft. The Massachusetts company, which boasts it's scored four out of five "top companies in the world" as clients, says correlating IP addresses to malware references yields between a thousand and …
Darren Pauli, 12 Aug 2015

Malwarebytes slurps startup, hopes to belch out Mac malware zapper

Security software firm Malwarebytes is moving into the Mac security software market with the acquisition of a start-up and the launch of its first anti-malware product for Apple computers. Malwarebytes Anti-Malware for Mac is designed to detect and remove malware, adware, and PUPs (potentially unwanted programs). The release …
John Leyden, 15 Jul 2015

Nasty Dyre malware bests white hat sandboxes

Seculert CTO Aviv Raff says a nasty piece of malware linked to widespread destruction and bank account plundering has become more dangerous with the ability to evade popular sandboxes. Raff says the Dyre malware ducks popular sandbox tools by detecting the number of cores in use. The known but effective and previously unused …
Darren Pauli, 04 May 2015

OS X remote malware strikes Thunderbolt, hops hard drive swaps

BlackHat video Researchers Trammel Hudson and Xeno Kovah have built a self-replicating Apple firmware malware that can infect peripherals to spread to new computers. The ThunderStrike 2 malware is the second iteration of the attack forged earlier this year and liberates the requirement for attackers to have physical access to machines. …
Darren Pauli, 04 Aug 2015

Jamie Oliver's ministry of malware served slops AGAIN

Celebrity chef, food activist and supermarket promoter Jamie Oliver's website has been compromised for the third time this year. As with the previous two attacks, the WordPress site is serving up a password stealer, according to Malwarebytes, which hat-tipped Twitter account @hasherezade for the information. Malwarebytes says …

Small businesses trashed in big malware campaign

Kaspersky researcher Ido Noar says attackers have hit hundreds of small and medium businesses, stealing credentials and documents in a noisy smash-and-grab campaign. Noar says criminals have stolen some 10,000 documents from nanotechnology, education, and media outfits in an attack that foists a newly-discovered strain of …
Darren Pauli, 29 May 2015

MS scolds businesses for failing to eradicate 7-year-old malware

Zero-day threats and custom malware get all the publicity, but age-old malware strains including ZeuS and Conficker remain active in UK corporates. “The bad guys don’t have to be smart, they can use something that’s 7-8 years old,” Stuart Aston, chief security advisor at Microsoft UK, told delegates at the RSA Unplugged mini- …
John Leyden, 04 Jun 2015

Outbreak! Fake Amazon voucher offer seeds mobile malware attack

Spoofed Amazon vouchers are being used to spearhead a campaign to contaminate Android mobiles with malware, messaging security firm AdaptiveMobile warns. The attack, dubbed "Gazon", sends messages to victims’ mobile phone contacts linking to supposed offers for (non-existent) Amazon vouchers fictitiously promising a gift of $200 …
John Leyden, 04 Mar 2015

Three Estonians jailed for malware spree that infected 4 MILLION computers

Three Estonians have been sentenced to a cumulative 11 years for their cybercrime activities which infected more than four million computers with malware across more than 100 countries. The three crims, who were sent down by US District Judge Lewis A. Kaplan in Manhattan on Thursday, were: Timur Gerassimenko, 35, who received …

Regin super-malware has Five Eyes fingerprints all over it says Kaspersky

The Regin malware, often described as the devil spawn of Stuxnet and Duqu, is the handiwork of the Five Eyes nation state spy apparatus, analysis reveals. The malware was named in November by researchers impressed with the smarts that helped it hide in plain sight for up to six years. Analysis overnight by Kaspersky malware …
Darren Pauli, 28 Jan 2015

Undetectable NSA-linked hybrid malware hits Intel Security radar

CTB Locker ransomware attacks rose 165 per cent in the first three months of 2015. More than a third (35 per cent) of victims were based in Europe, McAfee Labs reported. CTB Locker encrypts files and holds them hostage until the ransom is paid. As such, the crimeware is picking up the baton that dropped with the takedown of the …
John Leyden, 09 Jun 2015

DARPA-funded team says it can SMELL Android malware

A trio of DARPA-backed Iowa State University researchers have developed a tool to help speed up Android malware analysis. The Security Toolbox developed by the DARPA blue team uses features including 'smells', which sport stronger heuristics to flag possible signs of hidden malware badness. Benjamin Holland, Tom Deering, and …
Darren Pauli, 09 Apr 2015

'Ruskie' malware pwns iOS 7

Attackers, perhaps of Russian origin, are infecting the iPhones of people linked to government, defence and media sectors with dangerous spy malware capable of breaching non-jailbroken devices, researchers say. The XAgent malware, part of attacks unveiled last year against Windows devices, has moved to iOS, targeting iOS 7 and to a much lesser …
Darren Pauli, 05 Feb 2015

Macroviruses are BACK and are the future of malware, says Microsoft

Macro malware is making a comeback with one nineties nasty infecting half a million computers, Microsoft says. Macro viruses took a battering over the last decade after Redmond spent a decade boosting security in its Office suites to reduce the likelihood that users would execute malicious macros. Word processors throw warnings …
Darren Pauli, 30 Apr 2015

AT LAST: Australia gets its very own malware

Australians are being targeted by a new variant of the Carberp malware under what appears to be renewed criminal interest in the antipodes. The modified trojan, Carberp.C, was spread through a spam operation masquerading as a payment invoice. Virus writers pushed the malware out a day after coding it, Symantec researcher …
Darren Pauli, 19 Jan 2015

21st century malware found in Jane Austen's 19th century prose

Cisco's 2015 Midyear Security Report has revealed that at least one group of malware-spreading scum has a literary bent. The report found one group of criminals who were hosting a webpage designed to inject exploit code into unpatched browsers. Typically these landing pages have very little on them, often just random text, but …
Iain Thomson, 28 Jul 2015

Malware uses Windows product IDs to mix mutex

Malware writers are using Windows unique product numbers to generate mutex values to evade researchers, SANS security boffin Lenny Zeltser says. Mutex values are used as an accurate reference to determine if multiple identical processes are running. Malware including the infamous BackOff credit card stealer has used mutex for …
Darren Pauli, 11 Mar 2015

Screech! Grand Theft Auto V malware mods warning

Cybercrooks are cooking up malware disguised as mods for the Grand Theft Auto V video game. GTA V allows players to modify their gaming environment with "mods" (modifications). It's all been good fun, but recently two of the mods – "Angry Planes" and "No Clip" – have generated warnings on forums frequented by fans of the game. …
John Leyden, 18 May 2015

158 new malware created EVERY MINUTE

Malware monitor PandaLabs says 227,747 new malware samples are released every day. The findings from its recent survey found 20 million samples were created in the third quarter of 2014. Three quarters of infections were trojans, while only 9 percent were viruses and 4 percent worms. The number of trojans rose 13 percent over …
Darren Pauli, 06 Nov 2014

Duqu 2.0 malware buried into Windows PCs using 'stolen Foxconn certs'

The super-sophisticated malware that infiltrated Kaspersky Labs is craftier than first imagined. We're told that the Duqu 2.0 software nasty was signed using legit digital certificates issued to Foxconn – a world-leading Chinese electronics manufacturer, whose customers include Microsoft, Dell, Google, BlackBerry, Amazon, Apple …
John Leyden, 15 Jun 2015

FBI opens Malware Investigator portal to industry

The Federal Bureau of Investigation has released a formerly in-house malware-analysing portal to help speed up incident response and help industry and law enforcement with investigations. The G-men hope the Malware Investigator portal can let businesses build responses to new malware without such heavy reverse-engineering …
Darren Pauli, 30 Sep 2014

Fraudsters target Nazi Android malware at Russian bank customers

Alleged members of a gang of "cyber-fascist" Android malware-slingers have been arrested in Russia. The alleged perps behind the scam targeted customers of Russian bank Sberbank with software they called "Fifth Reich", which used Nazi symbols in the management system. Fraudsters targeted malware attacks at Android-operated …
John Leyden, 13 Apr 2015

Ad slingers beware! Google raises Red Screen of malware Dearth

Watch out dodgy ad slingers and news sites; Google is expanding its 'last line of defence' Chrome feature to brand all security-slacker ad networks as unsafe. The Chocolate Factory will, over coming weeks, expand its Safe Browsing feature such that it throws an ominous Red Screen™ in front of ad networks it says have poor …
Darren Pauli, 17 Jul 2015

Wicked WikiLeaks leaks considered harmful: Alert over malware lurking in dumped docs

Documents laced with malware have been found in WikiLeaks.org's cache of files obtained from hacked CIA wannabe Stratfor. Intelligence biz Stratfor was ransacked by Jeremy Hammond in late 2011, and its email archives passed to whistleblowing website WikiLeaks in early 2012. The Julian Assange™-led organization soon began …
Chris Williams, 17 Jul 2015

Israeli gov & boffins targeted by pr0ntastic malware from Gaza

Hackers from Gaza and Egypt appear to have teamed up in order to attack Israeli government, research, infrastructure and military networks. Security researchers at Trend Micro have traced ongoing malware-based attacks against Israeli organisations back to Gaza. Trend have uncovered two separate, but interconnected campaigns. …
John Leyden, 16 Feb 2015

Ebay snuffs malware upload bug

Hacker Aditya Sood has disclosed two vulnerabilities in eBay that allow hackers to upload files for drive-by-download attacks. The security bod (@AdityaKSood) told ThreatPost the flaws allow attackers to upload malicious content that appears to be benign. Once uploaded to eBay, malware can be sent to victims using direct links …
Darren Pauli, 31 Mar 2015

Penn State University network sacked by China malware blitz

Penn State University has had to take networks in its school of engineering offline after falling victim to a malware attack traced partially to China. Acting on an FBI tip, the school found that PCs on the network of its College of Engineering were infected with malware that appeared to be trying to harvest research data and …
Shaun Nichols, 15 May 2015

'Rombertik' malware kills host computers if you attempt a cure

Cisco researchers Ben Baker and Alex Chiu have found new malware that destroys a machine's Master Boot Record and home directories if it detects meddling white hats. The pair from the Borg's TALOS malware probing department say the "Rombertik" malware is designed to steal keystrokes and data and targets Windows users through …
Darren Pauli, 05 May 2015

Favicons used to update world's 'most dangerous' malware

Developer Jakub Kroustek has found new features in the dangerous Vawtrak malware that allow it to send and receive data through encrypted favicons distributed over the Tor network. The AVG security bod reveals the features in a report (pdf) into the malware which is considered one of the worst single threats in existence. He …
Darren Pauli, 25 Mar 2015

Confusion reigns as Bundestag malware clean-up staggers on

A malware infestation at the Bundestag is proving harder to clean up than first predicted, with several unconfirmed local reports going as far as suggesting that techies might have to rebuild the entire network from scratch. As previously reported, a state-sponsored attack is suspected for the widespread infection of systems …
John Leyden, 12 Jun 2015

Android malware hijacks power button, empties wallet while you sleep

Security biz AVG has spotted an outbreak of a new kind of Android malware that will come alive even when the phone is supposedly switched off. The software nasty is able to do this by hijacking the mobe's power-off sequence. "After pressing the power …
Iain Thomson, 19 Feb 2015

Windows and OS X are malware, claims Richard Stallman

Linux GNU firebrand Richard Stallman says Windows and Apple's OS X are malware, Amazon is Orwellian, and anyone who trusts the internet-of-things is an ass. In a column for The Grauniad Stallman preaches to the non-technical masses about the evils of proprietary software and vendor lock-in, and how closed-door coding …
Darren Pauli, 25 May 2015

You've been Drudged! Malware-squirting ads appear on websites with 100+ million visitors

Internet lowlives who used Yahoo! ads to infect potentially countless PCs with malware have struck again – using adverts on popular websites to reach millions more people. Security researchers at Malwarebytes this week discovered the crooks running another massive campaign of ads that use the Angler Exploit Kit to infiltrate …
Shaun Nichols, 14 Aug 2015

Bank-heist malware's servers phone home to Russian spookhaus

Trend Micro researcher Maxim Goncharov says one of the world's most sophisticated and dangerous bank-robbing trojans is now pointing to Russia's Federal Security Service (FSB). Goncharov says the Carbanak trojan's command and control servers now point to the FSB in what could be a joke or gaffe by malware authors. Carbanak in …
Darren Pauli, 25 May 2015

Fake hottie hackers flung info-slurping malware at Syrian opposition – FireEye

Cyberspies used social engineering trickery to steal Syrian opposition’s strategies and battle plans, according to security researchers. Hackers employed a familiar tactic: ensnaring victims through conversations with seemingly sympathetic and attractive women. As the conversations progressed onto Skype chats, the “women” would …
John Leyden, 02 Feb 2015

eBay bug turns phishing email links into malware-stuffed booby prizes

eBay is racing to fix a second serious security flaw that may allow criminals to spread malware through files seemingly hosted by the online tat bazaar. The bug is closely related to an earlier one discovered by David Sopas, a researcher at security firm WebSegura in Portugal. The hole uncovered by Sopas, since closed by eBay, …
Iain Thomson, 23 May 2015

FACEPALM! HP cert used to sign malware

HP accidentally signed some malware, according to Krebs on Security. Krebs reports that the certificate was “used to cryptographically sign software components that ship with many of its older products”, mostly for PC software, but that back in 2010 it was also used to sign some malware. HP will therefore revoke the certificate …
Simon Sharwood, 12 Oct 2014

This Apple Mac has malware. How do I mop up?

Readers' Corner We all know that Macs don't get PC viruses. But they can and sometimes do get Mac viruses. Hence this terse request from Dewix in El Reg forums. Mother-in-law has managed to get malware on her Mac. Anyone recommend a no fuss AV? Somewhat sparse on the details, Dewix. Reg readers can you help? Recommendations here. Thank- …
Aaron Milne, 16 Jun 2014

Facebook cosies up to ESET for malware detection

Facebook, which earlier this year started partnering with F-Secure and Trend Micro for malware detection, has added Slovak vendor ESET to its suite of security products. The previous tie-ups, detailed here, are worth noting to put the new partnership in context. F-Secure and Trend both pointed Facebook users at their free online …

Hacking Team Flash exploit leak revealed lightning reflexes of malware toolkit crafters

Black Hat 2015 When the Italian surveillanceware maker Hacking Team got hacked last month, the intruders unwittingly set the groundwork for a very interesting research project. Tracking the time from a vulnerability being found in some software to seeing it exploited in the wild is tricky – malware writers don't often publicize their …
Iain Thomson, 05 Aug 2015

POS malware crooks hack IP cams to validate targets

Carders operating the BackOff point-of-sale malware are hacking IP cameras to make sure their targets are worth attacking, researcher Rotem Kerner says. The research plugs a "critical" gap in a July disclosure by the US CERT, which warned the popular carder malware was being flung at businesses using remote desktop …
Darren Pauli, 24 Dec 2014

France fingered as source of Syria-spying Babar malware

France's spy agency has been fingered as the likely author of complex reconnaissance malware, researchers say. The Casper malware is one of a handful with links to the Babar spy program which leaked NSA documents revealed last month to be the handiwork of France's Direction Générale de la Sécurité Extérieure (General Directorate …
Darren Pauli, 06 Mar 2015

Researcher says Aussie spooks help code Five Eyes mega malware

The Australian Signals Directorate (ASD) has refused to comment on allegations it had a hand in the creation of a keylogging module used by global spookhauses and considered almost identical to parts of the complex Regin malware. Security bods fingered its involvement due to a file path in the malware's code that referenced the …
Darren Pauli, 29 Jan 2015

DeathRing: Cheapo Androids pre-pwned with mobile malware

A new mobile Trojan is being pre-loaded onto smartphones somewhere in the supply chain. DeathRing masquerades as a ringtone app and is impossible to remove because it’s pre-installed in the system directory, according to mobile security firm Lookout. Samples of the malware are restricted to entry-level phones purchased in Asian …
John Leyden, 04 Dec 2014

Babar the Elephant: Another malware plague with a cute name

A strain of French-language cyber-espionage malware spotted by infosec researchers shows that the NSA aren't the only spook agency brewing custom nasties to steal sensitive data. Babar was first mentioned in documents from Canadian intel agency CSEC (Communications Security Establishment Canada) leaked by Edward Snowden. They …
John Leyden, 19 Feb 2015

US hospitals to treat medical device malware with AC power probes

Two large US hospitals will in the next few months begin using a system that can detect malware infections on medical equipment by monitoring AC power consumption. The unnamed hospitals will be the first in a list to test the add-on monitoring platform dubbed WattsUpDoc to check for potentially life-threatening malware running …
Darren Pauli, 27 Apr 2015

jQuery site popped to serve malware slop

The jQuery site served credential-stealing malware to scores of users who visited the website on September 18, researcher James Pleger says. The super-popular JavaScript library is used by 30 percent of websites, including 70 percent of the 10,000 most popular sites, and the site may have been compromised by the RIG exploit kit. jQuery …
Darren Pauli, 24 Sep 2014

Mac fans! Don't run any old guff from the web: Malware spotted exploiting OS X root bug

The amusing vulnerability in Apple's OS X that grants administrator-level access to anyone who asks is being exploited in the wild by malware. Yeah, malware exists for Macs, this isn't the 1990s. Anyone logged in to a vulnerable OS X computer, or any software running on it, can use the security hole to gain the same privileges …
Chris Williams, 04 Aug 2015

Hackers use DRAFT emails as dead-drops for running malware

Sneaky hackers are using Gmail and Yahoo! drafts to control compromised devices, with the tactic designed to make detection of malware-related communications more difficult to pick up in enterprise environments. Attacks occur in two phases. Hackers first infect a targeted machine via simple malware that installs Python onto the …
John Leyden, 06 Nov 2014

Does your mate send smut vids on Facebook? 1. That's a bit weird. 2. It may be malware

A security researcher is warning of an ongoing attack against Facebook users in which a phony Flash Player download tries to take over their computers. The distribution mechanism is fairly commonplace – a video message purporting to be pornography is sent to someone on Facebook, and suggests a Flash upgrade is required to play …
Iain Thomson, 31 Jan 2015